Department of Health: Cybercrime
(asked on 14th September 2017) - View Source
Question to the Department of Health and Social Care:
To ask the Secretary of State for Health, pursuant to the Answer of 12 September 2017 to Question 8038, on Department of Health: cybercrime, whether his Department requires contractors to have obtained a certificate from the Government Cyber Essentials scheme; and how many and what proportion of contractors doing work for his Department have obtained such a certificate.
Suppliers are only required to demonstrate that they meet the technical requirements prescribed by Cyber Essentials for those contracts involving the transfer of sensitive data, or digital delivery. These requirements are set out in Procurement Policy Note – Cyber Essentials Scheme: Action Note 09/14 (25 May 2016) which can be obtained at:
and are transposed into the Department’s procurement policy. There is no general requirement for all suppliers to achieve Cyber Essentials certification and the Department does not hold general data on which of its suppliers have achieved Cyber Essentials centrally.
The Department commonly uses G-Cloud and Digital Services Framework for the procurement of in-scope contracts. These schemes are put in place by Government Digital Service and include comprehensive cyber security obligations. Suppliers operating under these schemes are exempt from having to conform with Cyber Essentials.